As its name stands for retargeting is about targeting someone who has already been targeted in the past. So to say, someone who already visited your website. This process works thanks what we call cookies and cross-site scripting (so to say the possibility to read cookies from different websites).
Note though that you can define any behavior you want, so it is not only about the visitors who did not convert on your website, it can be about the one who did, or we purchased something which was not your main product. The big thing to understand is that they need to have been in contact with your website or you may have to find a way to store a cookie in their browser.
Of course, as we are talking about cookies, we are talking as well about data protection. The trend is the following, you need to get the consent from the visitor in order to fire those cookies.